A typical bit of feedback I have had during my time at Splunk is that the Splunk Machine Learning Toolkit (MLTK) looks nice and all, but how are we supposed to get started using it? Choosing the right technique, let alone the right algorithm can be a daunting task for those who are unfamiliar with machine learning (ML). We’ve been thinking long and hard about how we can help offer more prescriptive introductions into using ML at Splunk and I’m pleased to present our set of MLTK deep dives.

MongoDB is a cross-platform NoSQL database that uses JSON-like documents with optional schema to store data. It was designed for high availability, high performance for high-data persistance use cases, and automatic scaling. Of course, all with the right infrastructure in mind. It is usually a good choice for document-oriented use cases when you need quick prototyping or massive scale. With the massive scale comes massive traffic, though.

So far in our series on scaling observability for game launches, we’ve discussed ways to 1) quickly analyze large volumes of telemetry data and, 2) ensure high-quality telemetry data for more effective analysis at lower costs. The best practices in these blogs outline best practices for scaling observability during game launch day – which is necessary to ensure high performance across all infrastructure components – to ensure no lag, no glitches, and no bugs.

HashiCorp Consul began as an open-source project for service discovery. It has evolved to provide other valuable functionality like secure service mesh to help secure microservice architectures based on service identity, but also the ability to achieve repeatable application deployment lifecycles via Network Infrastructure Automation and control access to the service mesh via Consul API Gateway.These features are considered the four core pillars of Consul service networking.

What is an observability engineer? Is it your SIEM admin? How about your application performance monitoring admin? Neither? Both? Observability engineering is more than administering a tool. There is more to it than data onboarding, writing parsers, and getting data in. As an observability tool admin, you work with data producers and consumers to get data in a human-readable and searchable format from the source to the analytics system.

Network monitoring is ideal for getting a real-time view of your connected environment, and with reports, you can look back in time too. Logs are key to this rear-view mirror look, as they contain all the data for all the elements you are monitoring. But without network log archiving, you can only look back so far. Did you know that according to an IBM/Ponemon study, it takes an average of 287 days to discover and contain a data breach?

Synthetic monitoring can be one of the most powerful tools in your DevOps team’s toolkit, especially for the SRE, yet is one that is often overlooked by people building out a reliability mindset. Synthetic monitoring permits you to simulate any transaction or interaction users can have in your website or app, from places around the world, as often as you’d like.

If you’re wondering if that classic car you’ve been scoping out on Bring a Trailer or eBay Motors is as authentic as posited by the seller – specifically re: the common claims of “original paint” or “high quality respray” – you’re going to want to take a closer look around the edges. This is because a talented painter can make a second or 30th-hand vehicle look pretty snazzy with a well-affected, if not super high-quality, repaint.

This article is the final installment in a series that demystifies observability. The first three focused on the history of observability, dispelling myths around observability, and what observability is and what it can offer. In this last article of the series (Check out part 1), I want to offer a complete definition of observability.

Logging is a critical part of the software development lifecycle allowing developers to debug their apps, DevOps/SRE teams to troubleshoot issues, and security admins to analyze access. Cloud Logging provides a powerful pipeline to reliably ingest logs at scale and quickly find your logs. Today, we’re pleased to announce Log Analytics, a new set of features in Cloud Logging available in Preview, powered by BigQuery that allows you to gain even more insights and value from your logs.

When building alerts, engineers aim to create accurate, timely, and actionable alerts. In pursuit of this goal, many engineers will leverage PromQL throughout their careers. PromQL is the query language used by Prometheus and Alert Manager to query metrics and define alerting rules. While PromQL works very well for simple use cases, as infrastructure scales, architectural patterns grow more complex, engineering practices accelerate, and alerting use cases become more multivariate.

How easy is it to work with your security tools? So easy that you’re telling all your family and friends and you singing their praises from the occasional rooftop? Well, we sure hope so. Security tools, like any other tool, should help you save time, not waste it. Nobody would have invented a drill if screwdrivers were fast enough — but it’s also up to you to make sure you are using your drill and all the other power tools available in the modern world.

We’re excited to announce the general availability of the Mezmo Agent 3.6, which introduces Windows support to our Rust Agent. At the end of this blog, we’ll also highlight important updates to our Agent Deprecation schedule.

Application Performance Monitoring (APM) is great for tracking the health and performance of your software tool. APM helps you understand what's happening inside your application by monitoring various parameters such as CPU/memory stress, internal network throughput, and more. However, mixing in log analytics can take your APM game up a notch. Almost all software tools generate logs when they run.

The question isn't whether an incident will happen: it's when it will happen. Systems will crash. Software will fail. Vendors will suffer an outage of their own. It's your job to be prepared for these problems, and incident severity levels are one of the tools you need. Incidents have varying impacts on your business and customers. Incident severity levels are how you classify their impact and manage your response.

It's always interesting to hear what feature requests dashboard users share with our product team. Sometimes it's big things — such as being able to set tokens on drilldowns — and sometimes it's little things. In Splunk Cloud Platform 9.0.2208, we've included a handful of Dashboard Studio "little things" updates.

In Part I in our series outlining best practices for scaling observability, we reviewed the data analysis capabilities that can help engineers troubleshoot faster during high pressure situations during a game launch. Nobody wants lag time or crashes in their game launch. Similarly, no one wants terminated sessions or for your gamer customers to log off and play a competitor’s game.

The Dynatrace platform is a software-driven monitoring platform that simplifies enterprise cloud complexity and accelerates the pace of digital transformation for enterprises. There are many top solutions on the market, but Dynatrace is one of the most popular for its ability to monitor both mobile apps and real users simultaneously. By offering a shared platform for understanding metrics, Dynatrace also helps developers, operations, and business teams improve performance.

September is here, and that means many retailers have already begun preparing for the upcoming holiday season. One weekend in particular tends to be the real-life stress test that companies have come to develop a love-hate relationship with: Cyber Weekend. Or more specifically, Black Friday, Cyber Monday, and the weekend in between.

Everybody is starting to look more at object storage to deliver on data lake initiatives, and S3, specifically Amazon S3, is the gold standard for that. In addition, we’ve heard from many of you that setting up S3 as a destination is a must when starting with Cribl Stream. So in this article we’ll walk you through the setup.

Observability is one of the most critical ways to improve visibility and control over complex software systems. If you've ever wondered how observability differs from monitoring, then this guide will explain some of the key differences between these two popular concepts.

Search is the key to improving the customer experience–and business outcomes Retailers that weathered the global pandemic now face new challenges: emerging shopping patterns, competitive upstarts, and economic uncertainty.

In the observability toolchain, all of our efforts go into data storage and analysis, and the usability of our system becomes a second-class citizen. Autocomplete is a crucial usability feature that significantly improves the developer experience. It is ubiquitous amongst engineering tools from IDEs to CLIs. Autocomplete has long been a feature of many observability tools, but they all miss a crucial detail – optimizing for developer productivity.

All the various systems in IT, from cloud infrastructures and servers to applications and wireless networks, are hubs for activity and traffic. One way administrators are able to keep an eye on the activity, current and past of their systems, is by keeping logs and analyzing them both in real-time and regularly.

We believe that one of the most powerful capabilities added to the Logz.io Observability Platform in recent months is our new Service Performance Monitoring (SPM) feature set. As you may have seen earlier this year, Logz.io was named a Visionary in the 2022 Gartner® Magic Quadrant(™) for Application Performance Monitoring and Observability. To that end, SPM is a cornerstone for our related solutions.

One of the core features of Cribl Stream is our Replay capability. We pride ourselves on giving customers choice and control over their data. The ability to archive data in cheap object storage, and then providing the ability to reach into the same object storage is one example of this. It’s safe to say that S3 and AWS have become synonymous with the term object storage. It’s like a modern day Kleenex, or Band-Aid.

Heroku is a cloud provider well known for its simplicity and its support out of the box for multiple programming languages. When thinking about consuming logs from applications hosted in Heroku, Grafana Loki is a great choice. But in the past, shipping logs from Heroku to any Loki instance required ad-hoc scripts to fiddle with Heroku’s logs format and send them. This can be a time-consuming experience.

After months–or potentially, years–of hard work by teams across a gaming enterprise, when the day arrives for a game launch, the last thing your enterprise needs is slowdowns, glitches, outages or poor performance. It’s the death knell for any game, because for your avid gaming customers, there’s always something else (read: a game that isn’t yours) to check out.

In Cribl Stream and Cribl Edge, you can operate on your observability event data in flight, all the way down to the field level. Instead of writing complex regex to wrangle JSON and other structured formats, use Cribl’s built-in functions and extensibility to get the results you want. You’ll see formerly complex situations become easier to address and manage over the long term. In this blog, we’ll cover two troublesome use cases.

Splunk Mobile puts the power of Splunk in your hands. But with great power, comes great responsibility. That’s why this year with the release of Splunk Enterprise 9.0, we’ve shipped Splunk Secure Gateway (the backend service that powers Splunk Mobile) with even more features and tools to help you responsibly manage your mobile fleet.

Stoking fears about the threat landscape is a popular approach, and one that I don’t particularly care for. Many will tell you that the threat landscape is constantly changing, that threats are getting more complex, and that actors are getting more sophisticated. “The whole world is getting more difficult and scarier, so buy our stuff!” There’s a ton of media sensationalism too, with the popular image of the hacker sitting at a computer, wearing a dark hoodie.

Syslog is a very common method for transmitting data from network devices and open systems servers data to analytics platforms like Elastic and Splunk. As adaptable as syslog is, it still has significant constraints, which is a pain for most companies that lack the resources to scale their capability needed for syslog.

We're excited to announce that starting with the new Splunk Cloud Product 9.0.2205 release, it's easier to create, manage and use private apps. Although Splunk is great by itself, we can all agree that the real value of Splunk comes from all the applications that Developers, SplunkTrust folks and Splunkers build.

Have you ever tried to find a bug in a multi-layered architecture? Although this might sound like a simple enough task, it can quickly become a nightmare if the system doesn’t have proper monitoring. And the more distributed your system is, the more complex it becomes to analyze the root cause of a problem. That’s precisely why observability is key in distributed systems. Observability can be thought of as the advanced version of application monitoring.

At this point, you already know how powerful syslog is (and if you don’t, check out “Introduction to Syslog”). But here’s the thing: Scaling your systems to consume high volume syslog is like fighting zombies. Weird unexpected behavior and no easy solutions. Before you fight zombies, though, you have to understand them. So, here are the challenges for scaling syslog one by one.

Most classical, batch-oriented machine learning systems follow the paradigm of “fit and apply”. In an earlier blog post, I discussed a few patterns on how to better organize data pipelines and machine learning workflows in Splunk. In this blog, we’ll review how you can organize your machine learning model in a new way: online learning.

A goal of open-source observability is unifying several different signals to provide the observability everyone wants. It’s always interesting to speak to people on this journey, and how they try to provide it through open-source projects, and the challenges they can face. I was thrilled to host Pranay Prateek on the most recent episode of the OpenObservability Talks podcast.

Syslog is an event logging standard that lets almost any device or application send data about status, events, diagnostics, and more. It’s commonly used by network and storage devices to ship observability data to analytics platforms and SIEMs in order to support and secure the enterprise. Syslog is an excellent lightweight protocol to get telemetry from small scale devices.

Splunk embodies the top 5 principles of unified security and observability, and has been an expert in log management, security, and observability for years.

Amazon Virtual Private Cloud (Amazon VPC) is an isolated and secure virtual network in which you can deploy resources, such as Amazon Elastic Compute Cloud (EC2) and Amazon Relational Database Service (RDS) instances, while restricting their exposure to the internet. As part of your monitoring strategy, you can collect and analyze VPC flow logs, which record network traffic flow between VPC components.

I'm excited to announce that Splunk Data Manager now supports onboarding of Google Cloud Platform (GCP) data sources, effective immediately. With this launch, you can now get the benefits of Splunk data analysis for the high-value events generated by Google Cloud when you onboard GCP data sources into Splunk using Data Manager.

Hot summer days mean beautiful weather for picnics, pool days, and trips with the family. While you’re out this summer enjoying the sun, leave your laptop and backpack behind, because with Splunk Mobile, you’ll always be ready to access dashboards or receive alerts no matter where you are. The new features announced this year at.conf22 let you do even more from the comfort of your pool chaise!

Amazon Web Services (AWS) recently announced the ability to publish VPC Flow Logs directly to Amazon Kinesis Data Firehose. For Splunk customers, this feature helps to optimize the architecture to send VPC Flow Logs directly to Splunk Enterprise or Splunk Cloud Platform. With a fully managed service like Amazon Kinesis Data Firehose, users don’t have to worry about scaling, and can optionally transform their data in near real-time and enjoy the cost-effective, reliable service.

A logging framework is a software tool that helps developers output diagnostic information during the execution of a program. This information is used to debug the program or monitor its performance. There are many different logging frameworks available, starting with simple logging libraries to full-fledged logging and observability platforms.

Without Network Monitoring, there is no good way to get a real-time view of your connected environment. But with Network Monitoring reports, you can look backwards to spot problems and trends. Just as vital are logs that deepen this rear-view mirror look, as they contain all the data for all the elements you are monitoring.

To keep Splunk running like a well-oiled machine, admins need to ensure that good data onboarding hygiene is practiced. Traditionally, this meant ensuring that your props.conf was configured with the “Magic 8” and that the REGEX in your transforms.conf was both precise and efficient.

An essential aspect of operating any application is the ability to observe the health and performance of that application and of the underlying infrastructure to quickly resolve issues as they arise. Google Kubernetes Engine (GKE) already provides audit logs, operational logs, and metrics along with out-of-the-box dashboards and automatic error reporting to facilitate running reliable applications at scale.

Akka’s license change has surprised many of us, but it didn’t come out of nowhere. Lightbend recently announced that Akka will be transitioning from an “Open Source” license to a “Source available” license called BSL 1.1. Let’s unpack this to understand what it all means.

Written by Andrew Puch and Brian Langbecker You use NGINX as a proxy for your application, and you want to leverage your favorite features in Honeycomb to help make sense of the traffic data. Have no fear: Honeycomb is more than capable and ready to help! Things you will need: Before you start with the instructions, let’s discuss a lightweight tool called Honeytail. This utility will tail log files, parse the various formats, and send the data to Honeycomb.

As a DevOps engineer or SRE, you are often faced with investigating complex problems — mysterious application performance issues that happen intermittently or to only certain portions of your application traffic — that impact your end users and potentially your company’s financial targets. Sifting through hundreds or even thousands of transactions and spans can be a lot of tedious, manual, and time consuming investigative work.

One of the biggest buzzwords (or really, buzz acronyms) to pop up in the cybersecurity space in recent years is XDR, or, extended detection and response. The term was coined in 2018 by Nir Zuk, CTO and co-founder of Palo Alto Networks. It was posited as a new way to think about security, where data is taken from several platforms and it gets correlated and analyzed.

A recent ESG/ISSA survey highlighted that security professionals are overwhelmed with competing proprietary data standards and integration challenges. Today’s security landscape often comprises dozens of tools, each with its own unique format. Even if the format is defined and widely adopted, like Syslog, implementations vary widely from tool to tool, or even from release to release for the same tool. How big of a problem are these differing data formats?

Technically speaking, observability offers visibility into the data being generated by your infrastructure devices, systems, and applications — but in reality, it offers the opportunity to see what’s happening, There’s no guarantee that you’ll get what you want; you have to set things up in a way that makes it possible for you to get the insights you need.

The 1.7 release of the Splunk App for Content Packs comes with a slew of new awesomeness for the Content Pack for ITSI Monitoring and Alerting designed to bolster your IT operations team’s visibility and AIOps posture! Previous versions of the content pack focused on making it easy for you to create and group Notable Events from ITSI Services and third-party monitoring tools.

Stateful, commonly monolithic, and absolutely fundamental to system design, the quality of your database administration and operation is a key determinant of your overall success. Databases are the cornerstone of modern architecture, requiring constant effort, investigation, and iteration to get the most out of a database. This makes it all the more terrifying when an outage occurs.

Every day, dashboards are viewed more than 500,000 times at Splunk. They’re what make the sea of data intelligible and help tell a story when working with a team. However, constant net-new dashboard creation is not necessarily a value-add activity — it’s a workflow to rapidly turn data into doing.